Trait

com.jaroop.play.sentry

TokenAccessor

Related Doc: package sentry

Permalink

trait TokenAccessor extends AnyRef

Provides an interface for managing sessions client-side via requests and results. A TokenAccessor should be able to add or remove a SignedToken from a Result, as well as verify the signature of a SignedToken from a RequestHeader.

While it is not required to use them, token accessors should use the available signing methods in this trait to sign and verify tokens so that they cannot be tampered with by an attacker.

Linear Supertypes
AnyRef, Any
Known Subclasses
CookieTokenAccessor
Ordering
  1. Alphabetic
  2. By Inheritance
Inherited
  1. TokenAccessor
  2. AnyRef
  3. Any
  1. Hide All
  2. Show All
Visibility
  1. Public
  2. All

Abstract Value Members

  1. abstract def delete(result: Result)(implicit request: RequestHeader): Result

    Permalink

    Removes any issued AuthenticityToken or SignedToken from a Result.

    Removes any issued AuthenticityToken or SignedToken from a Result.

    result

    The Result to remove all issued tokens from.

    returns

    A new Result without any issued tokens.

  2. abstract def extract(request: RequestHeader): Option[AuthenticityToken]

    Permalink

    Attempts to extract an AuthenticityToken from a RequestHeader.

    Attempts to extract an AuthenticityToken from a RequestHeader.

    request

    The RequestHeader to extract the token from.

    returns

    An AuthenticityToken if the request contains a token with a valid signature. Otherwise, None.

  3. abstract def put(token: AuthenticityToken)(result: Result)(implicit request: RequestHeader): Result

    Permalink

    Puts an AuthenticityToken into a Result to return to a user.

    Puts an AuthenticityToken into a Result to return to a user.

    token

    The AuthenticityToken to be issued to a user.

    returns

    A Result containing a SignedToken or AuthenticityToken.

  4. abstract def signer: CookieSigner

    Permalink

    Requires a CookieSigner to sign tokens and verify token signatures.

Concrete Value Members

  1. final def !=(arg0: Any): Boolean

    Permalink
    Definition Classes
    AnyRef → Any

  2. final def ##(): Int

    Permalink
    Definition Classes
    AnyRef → Any

  3. final def ==(arg0: Any): Boolean

    Permalink
    Definition Classes
    AnyRef → Any

  4. final def asInstanceOf[T0]: T0

    Permalink
    Definition Classes
    Any

  5. def clone(): AnyRef

    Permalink
    Attributes
    protected[java.lang]
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )

  6. final def eq(arg0: AnyRef): Boolean

    Permalink
    Definition Classes
    AnyRef

  7. def equals(arg0: Any): Boolean

    Permalink
    Definition Classes
    AnyRef → Any

  8. def finalize(): Unit

    Permalink
    Attributes
    protected[java.lang]
    Definition Classes
    AnyRef
    Annotations
    @throws( classOf[java.lang.Throwable] )

  9. final def getClass(): Class[_]

    Permalink
    Definition Classes
    AnyRef → Any

  10. def hashCode(): Int

    Permalink
    Definition Classes
    AnyRef → Any

  11. final def isInstanceOf[T0]: Boolean

    Permalink
    Definition Classes
    Any

  12. final def ne(arg0: AnyRef): Boolean

    Permalink
    Definition Classes
    AnyRef

  13. final def notify(): Unit

    Permalink
    Definition Classes
    AnyRef

  14. final def notifyAll(): Unit

    Permalink
    Definition Classes
    AnyRef

  15. def safeEquals(a: String, b: String): Boolean

    Permalink
    Attributes
    protected

  16. def sign(token: AuthenticityToken): SignedToken

    Permalink

    Signs an AuthenticityToken and concatenates it with its signature.

    Signs an AuthenticityToken and concatenates it with its signature. ("$${signature}$${token}") The resulting SignedToken is meant to be issued to a user (e.g., within a cookie).

    token

    The AuthenticityToken to sign.

    returns

    The signature of the AuthenticityToken concatenated with the token itself.

    Attributes
    protected

  17. final def synchronized[T0](arg0: ⇒ T0): T0

    Permalink
    Definition Classes
    AnyRef

  18. def toString(): String

    Permalink
    Definition Classes
    AnyRef → Any

  19. def verifyHmac(token: SignedToken): Option[AuthenticityToken]

    Permalink

    Verifies that a SignedToken token is valid by comparing the stored signature in the SignedToken to the signature of the raw AuthenticityToken that is part of the SignedToken.

    Verifies that a SignedToken token is valid by comparing the stored signature in the SignedToken to the signature of the raw AuthenticityToken that is part of the SignedToken. In order for any SignedToken to be valid, it must be issued via the TokenAccessor#sign method.

    token

    The SignedToken to validate.

    returns

    The contained AuthenticityToken if the signature is valid, otherwise None.

    Attributes
    protected

  20. final def wait(): Unit

    Permalink
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )

  21. final def wait(arg0: Long, arg1: Int): Unit

    Permalink
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )

  22. final def wait(arg0: Long): Unit

    Permalink
    Definition Classes
    AnyRef
    Annotations
    @throws( ... )

Inherited from AnyRef

Inherited from Any

Ungrouped